was surfing web and clicked to play video, windows said it needed a new codec to play installed it, I know dont say it, and now the info icon is displaying a critical system error. Upon clicking I am directed to a software site to buy there removal tool. Have done hijack this scan looks like a few lines dont belong but not sure, Tnx for looking. I believe its the "hpwis.com" entries that require deleting is this correct?

Attached Files

hijackthis.log (11.2 KB, 3 views)

Hi....

Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes.Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT.


O21 - SSODL: equestre - {70305bc2-b289-4209-a344-be21f22bc930} - C:\WINDOWS\system32\zphnok.dll

Reboot.....................

Download and scan with Ewido Anti-Spyware v4.0
1. After download, double click on the file to launch the install process.
2. Choose a language, click "OK" and then click "Next".
3. Read the "License Agreement" and click "I Agree".
4. Accept default installation path: C:\Program Files\ewido anti-spyware 4.0, click "Next", then click "Install".
5. After setup completes, click "Finish" to start the program automatically or launch ewido by double-clicking its icon on your desktop or in the system tray.
6. The main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'.
7. Then right click on ewdio in the system tray and uncheck "Start with Windows".
8. Go to Start > Run and type: services.msc

• Press "OK".
• Click the "Extended tab" and scroll down the list to find ewido anti-spyware 4.0 guard.
• When you find the guard service, double-click on it.
• In the Properties Window > General Tab that opens, click the "Stop" button.
• From the drop-down menu next to "Startup Type", click on "Manual".
• Now click "Apply", then "OK" and close the Services window.

9. Select the "Update" button and click "Start update". If you are having problems with the updater, manually update with the Ewido Full database installer from here.
Once the updates are installed do the following:
1. Click on the "Scanner" button and choose the "Settings" tab.

• Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
• Under "How to Scan?" check all (default).
• Under "Possibly unwanted software" check all (default).
• Under "What to Scan?" make sure "Scan every file" is selected (default).
• Under "Reports" select "Automatically generate report after every scan and UNcheck "Only if threats were found".

2. Click the "Scan" tab to return to scanning options.
3. Click "Complete System Scan" to start.
4. When the scan has finished you will be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.
IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button?
5. Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\ewido anti-spyware 4.0\Reports\
6. Exit Ewido when done and submit the log report in your next response.

Thanks for the quick response. Have carried out the instructions as stated, report below. I currently use windows defender and spyware blaster and spybot search and destroy. I understand its not a good idea to have realtime monitoring on more than one program is this correct? Do I need to make any changes to ewido after the intitial setup instruction you gave me?

Attached Files

Report-Scan-20060923-094147.txt (6.3 KB, 4 views)

realtime monitoring is good to have if your on the net.It no more than what a virus scanner does.If you find its slowing you down you can always teminate it...

Your Ewido scan was fine and you should not have any more problems from that trojan....

Thanks Bugsey and Pancake, yes everythings fine now. My own fault for not checking a downloaded coded which windows said it needed to play a video. At least Winpatrol informed me of the danger. Once again thank you for your time and efforts guys keep up the good work, your doing a great job.

Your welcome.Glad to help